<identity> Web.config section
The <identity> Web.config section defines what identity (Windows account) to use when accessing the ASP.NET application.
Here is the generic syntax of the <identity> section of the Web.config:
<identity impersonate="true|false" userName="username" password="password"/>
Impersonation is the concept whereby an application executes under the context of the identity of the client that is accessing the application.
This is achieved by using the access token provided by IIS.
By default the ASPNET Windows account is used to access ASP.NET resources through the Aspnet_wp.exe process.
This account is less powerful, compared to the IUSR_ machinename guest Internet account used by classic ASP for example.
In certain situations you might want to use the anonymous IUSR_ machinename account, as the account accessing your ASP.NET application and you can do that by using the following code in your Web.config file:
<system.web>
<identity impersonate="true" />
</system.web>
In this case we use impersonation. In short impersonation is the act of ASP.NET executing code in the context of an authenticated client (Windows account).
If you want you can specify a particular account Windows account to be used instead of the ASPNET Windows account. You can do it like this:
<system.web>
<identity impersonate="true" userName="WindowsDomain\YourUserName" password="YourPassword" />
</system.web>